authorAvijit Kanti Das <avijitnsec@codeaurora.org>2014-11-05 16:36:30 -0800
committerAvijit Kanti Das <avijitnsec@codeaurora.org>2014-11-12 11:44:55 -0800
commitb73cff1f7b83add4a815fb2d768194c3174d56c1 (patch)
tree2f7c9a5d9774258fee5b278482518cb8069ae789 /common/rfs_access.te
parent630212a4cfc0d712732027ec342f753d71308ba6 (diff)
Seandroid: Adding context for rfs access
Adding context for rfs_access and adding a few more policies. Change-Id: Ic8df22f19adc27af32c618ac3e6da657e93c73bb
Diffstat (limited to 'common/rfs_access.te')
-rw-r--r--common/rfs_access.te3
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te
index 129ffa3b..ec946c27 100644
--- a/common/rfs_access.te
+++ b/common/rfs_access.te
@@ -38,3 +38,6 @@ allow rfs_access firmware_file:file { open read getattr };
#Prevent other domains from accessing RFS data files.
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:dir { write search create add_name };
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:file { open read write create append getattr };
+
+allow rfs_access self:capability { setuid setpcap net_raw };
+allow rfs_access smem_log_device:chr_file rw_file_perms;
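Review bot: The added `allow rfs_access self:capability { setuid setpcap net_raw };` grants three capabilities with no comment saying what the daemon needs each one for, unlike the commented neverallow rules just above it. setuid and setpcap are presumably there so the process can drop from root and trim its capability set at startup, but the policy cannot restrict them to that use, so the rule should record the intent, e.g. `# setuid/setpcap: used once at startup to drop root and reduce capabilities`. net_raw needs its own justification: no raw or packet socket rule for rfs_access is visible in this hunk, so if it was added only to silence a denial, confirm the code path requires it before granting it. For `smem_log_device:chr_file`, `rw_file_perms` could likely be narrowed if the daemon only writes log entries; the rest of the file lies outside this hunk, so existing rules may already cover some of this.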